Author Chebbi, Chiheb
Title Advanced Infrastructure Penetration Testing : Defend Your Systems from Methodized and Proficient Attackers
Imprint Birmingham : Packt Publishing, Limited, 2018
©2018
Edition 1st ed
Descript 1 online resource (388 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Note Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Introduction to Advanced Infrastructure Penetration Testing -- Information security overview -- Confidentiality -- Integrity -- Availability -- Least privilege and need to know -- Defense in depth -- Risk analysis -- Information Assurance -- Information security management program -- Hacking concepts and phases -- Types of hackers -- Hacking phases -- Reconnaissance -- Passive reconnaissance -- Active reconnaissance -- Scanning -- Port scanning -- Network scanning -- Vulnerability scanning -- Gaining access -- Maintaining access -- Clearing tracks -- Penetration testing overview -- Penetration testing types -- White box pentesting -- Black box pentesting -- Gray box pentesting -- The penetration testing teams -- Red teaming -- Blue teaming -- Purple teaming -- Pentesting standards and guidance -- Policies -- Standards -- Procedures -- Guidance -- Open Source Security Testing Methodology Manual -- Information Systems Security Assessment Framework -- Penetration Testing Execution Standard -- Payment Card Industry Data Security Standard -- Penetration testing steps -- Pre-engagement -- The objectives and scope -- A get out of jail free card -- Emergency contact information -- Payment information -- Non-disclosure agreement -- Intelligence gathering -- Public intelligence -- Social engineering attacks -- Physical analysis -- Information system and network analysis -- Human intelligence -- Signal intelligence -- Open source intelligence -- Imagery intelligence -- Geospatial intelligence -- Threat modeling -- Business asset analysis -- Business process analysis -- Threat agents analysis -- Threat capability analysis -- Motivation modeling -- Vulnerability analysis -- Vulnerability assessment with Nexpose -- Installing Nexpose
Starting Nexpose -- Start a scan -- Exploitation -- Post-exploitation -- Infrastructure analysis -- Pillaging -- High-profile targets -- Data exfiltration -- Persistence -- Further penetration into infrastructure -- Cleanup -- Reporting -- Executive summary -- Technical report -- Penetration testing limitations and challenges -- Pentesting maturity and scoring model -- Realism -- Methodology -- Reporting -- Summary -- Chapter 2: Advanced Linux Exploitation -- Linux basics -- Linux commands -- Streams -- Redirection -- Linux directory structure -- Users and groups -- Permissions -- The chmod command -- The chown command -- The chroot command -- The power of the find command -- Jobs, cron, and crontab -- Security models -- Security controls -- Access control models -- Linux attack vectors -- Linux enumeration with LinEnum -- OS detection with Nmap -- Privilege escalation -- Linux privilege checker -- Linux kernel exploitation -- UserLand versus kernel land -- System calls -- Linux kernel subsystems -- Process -- Threads -- Security-Enhanced Linux -- Memory models and the address spaces -- Linux kernel vulnerabilities -- NULL pointer dereference -- Arbitrary kernel read/write -- Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write -- Memory corruption vulnerabilities -- Kernel stack vulnerabilities -- Kernel heap vulnerabilities -- Race conditions -- Logical and hardware-related bugs -- Case study CVE-2016-4484 - Cryptsetup Initrd root Shell -- Linux Exploit Suggester -- Buffer overflow prevention techniques -- Address space layout randomization -- Stack canaries -- Non-executable stack -- Linux return oriented programming -- Linux hardening -- Summary -- Chapter 3: Corporate Network and Database Exploitation -- Networking fundamentals -- Network topologies -- Bus topology -- Star topology -- Ring topology -- Tree topology
Mesh topology -- Hybrid topology -- Transmission modes -- Communication networks -- Local area network -- Metropolitan area network -- Wide area network -- Wireless network -- Data center multi-tier model design -- Open Systems Interconnection model -- In-depth network scanning -- TCP communication -- ICMP scanning -- SSDP scanning -- UDP Scanning -- Intrusion detection systems -- Machine learning for intrusion detection -- Supervised learning -- Unsupervised learning -- Semi-supervised learning -- Reinforcement -- Machine learning systems' workflow -- Machine learning model evaluation metrics -- Services enumeration -- Insecure SNMP configuration -- DNS security -- DNS attacks -- Sniffing attacks -- DDoS attacks -- Types of DDoS attacks -- Defending against DDoS attacks -- DDoS scrubbing centers -- Software-Defined Network penetration testing -- SDN attacks -- SDNs penetration testing -- DELTA: SDN security evaluation framework -- SDNPWN -- Attacks on database servers -- Summary -- Chapter 4: Active Directory Exploitation -- Active Directory -- Single Sign-On -- Kerberos authentication -- Lightweight Directory Access Protocol -- PowerShell and Active Directory -- Active Directory attacks -- PowerView -- Kerberos attacks -- Kerberos TGS service ticket offline cracking (Kerberoast) -- SPN scanning -- Passwords in SYSVOL and group policy preferences -- 14-068 Kerberos vulnerability on a domain controller -- Dumping all domain credentials with Mimikatz -- Pass the credential -- Dumping LSASS memory with Task Manager (get domain admin credentials) -- Dumping Active Directory domain credentials from an NTDS.dit file -- Summary -- Chapter 5: Docker Exploitation -- Docker fundamentals -- Virtualization -- Cloud computing -- Cloud computing security challenges -- Docker containers -- Docker exploitation -- Kernel exploits -- DoS and resource abuse
Docker breakout -- Poisoned images -- Database passwords and data theft -- Docker bench security -- Docker vulnerability static analysis with Clair -- Building a penetration testing laboratory -- Summary -- Chapter 6: Exploiting Git and Continuous Integration Servers -- Software development methodologies -- Continuous integration -- Types of tests -- Continuous integration versus continuous delivery -- DevOps -- Continuous integration with GitHub and Jenkins -- Installing Jenkins -- Continuous integration attacks -- Continuous integration server penetration testing -- Rotten Apple project for testing continuous integration  or continuous delivery system security -- Continuous security with Zed Attack Proxy -- Summary -- Chapter 7: Metasploit and PowerShell for Post-Exploitation -- Dissecting Metasploit Framework -- Metasploit architecture -- Modules -- Exploits -- Payloads -- Auxiliaries -- Encoders -- NOPs -- Posts -- Starting Metasploit -- Bypassing antivirus with the Veil-Framework -- Writing your own Metasploit module -- Metasploit Persistence scripts -- Weaponized PowerShell with Metasploit -- Interactive PowerShell -- PowerSploit -- Nishang - PowerShell for penetration testing -- Defending against PowerShell attacks -- Summary -- Chapter 8: VLAN Exploitation -- Switching in networking -- LAN switching -- MAC attack -- Media Access Control Security -- DHCP attacks -- DHCP starvation -- Rogue DHCP server -- ARP attacks -- VLAN attacks -- Types of VLANs -- VLAN configuration -- VLAN hopping attacks -- Switch spoofing -- VLAN double tagging -- Private VLAN attacks -- Spanning Tree Protocol attacks -- Attacking STP -- Summary -- Chapter 9: VoIP Exploitation -- VoIP fundamentals -- H.323 -- Skinny Call Control Protocol -- RTP/RTCP -- Secure Real-time Transport Protocol -- H.248 and Media Gateway Control Protocol -- Session Initiation Protocol
VoIP exploitation -- VoIP attacks -- Denial-of-Service -- Eavesdropping -- SIP attacks -- SIP registration hijacking -- Spam over Internet Telephony -- Embedding malware -- Viproy - VoIP penetration testing kit -- VoLTE Exploitation -- VoLTE  attacks -- SiGploit - Telecom Signaling Exploitation Framework -- Summary -- Chapter 10: Insecure VPN Exploitation -- Cryptography -- Cryptosystems -- Ciphers -- Classical ciphers -- Modern ciphers -- Kerckhoffs' principle for cryptosystems -- Cryptosystem types -- Symmetric cryptosystem -- Asymmetric cryptosystem -- Hash functions and message integrity -- Digital signatures -- Steganography -- Key management -- Cryptographic attacks -- VPN fundamentals -- Tunneling protocols -- IPSec -- Secure Sockets Layer/Transport Layer Security -- SSL attacks -- DROWN attack (CVE-2016-0800) -- POODLE attack (CVE-2014-3566) -- BEAST attack  (CVE-2011-3389) -- CRIME attack (CVE-2012-4929) -- BREACH attack (CVE-2013-3587) -- Heartbleed attack -- Qualys SSL Labs -- Summary -- Chapter 11: Routing and Router Vulnerabilities -- Routing fundamentals -- Exploiting routing protocols -- Routing Information Protocol -- RIPv1 reflection DDoS -- Open Shortest Path First -- OSPF attacks -- Disguised LSA -- MaxAge LSAs -- Remote false adjacency -- Seq++ attack -- Persistent poisoning -- Defenses -- Interior Gateway Routing Protocol -- Enhanced Interior Gateway Routing Protocol -- Border Gateway Protocol -- BGP attacks -- Exploiting routers -- Router components -- Router bootup process -- Router attacks -- The router exploitation framework -- Summary -- Chapter 12: Internet of Things Exploitation -- The IoT ecosystem -- IoT project architecture -- IoT protocols -- The IoT communication stack -- IP Smart Objects protocols suite -- Standards organizations -- IoT attack surfaces -- Devices and appliances -- Firmware -- Web interfaces
Network services
This book offers hands-on experience and a comprehensive understanding of advanced penetration testing techniques and of vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices and modern operating systems, and helps you secure high-security environments
Description based on publisher supplied metadata and other sources
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries
Link Print version: Chebbi, Chiheb Advanced Infrastructure Penetration Testing : Defend Your Systems from Methodized and Proficient Attackers Birmingham : Packt Publishing, Limited, c2018 9781788624480
Subject Penetration testing (Computer security)
Electronic books